Deloitte Global survey: In era of heightened uncertainty, new risks rise to the fore — just as financial institutions look to reduce costs

Explore Content

NEW YORK, NY, USA, 2 March 2017—A majority of banks and other financial institutions surveyed are not confident about their firms’ effectiveness in managing cybersecurity and geopolitics, two of the biggest risks facing global businesses of all shapes and sizes, according to Deloitte Global’s tenth survey of financial services risk managers.

This comes as there is talk around deregulation in the United States, banks being challenged to hold overall costs down, major cybersecurity breaches and a shift to using new technology tools like robotic process automation (RPA) to improve quality and efficiency by automating routine tasks. Consequently, Deloitte Global’s report predicts that 2017 may be an inflection point for financial institutions’ risk management efforts.

“Risk management is becoming even more important today, as financial institutions confront a variety of trends that have introduced greater uncertainty into the future direction of the business and regulatory environment,” said Edward Hida, Deloitte Global Risk & Capital Management Leader. “Risk management programs will need to not only become more effective and efficient, but also acquire the agility to respond flexibly and nimbly to the next set of demands. This is where I believe the next era of risk management will need to evolve to.”

According to the survey, 80 percent or higher of those surveyed rated their institution as extremely or very effective in managing traditional risks like liquidity, underwriting/reserving, credit and investment risk. In contrast, when it came to newer risk types – which often present more challenges – respondents considered their institution to be less effective in areas like cybersecurity (42 percent), model (40 percent), third party (37 percent), data integrity (32 percent), and geopolitical risks (28 percent). In the geopolitical risk area, this percentage dropped roughly by half from Deloitte Global’s previous survey in 2014, indicating that this issue has rocketed up risk managers’ radar.

Contact

Increasing investment in risk management

While the financial services industry is under pressure to reduce costs as a whole, 44 percent of respondents expected their institution’s annual spending on risk management to increase by 10 percent or more over the next two years, including 13 percent who expected an increase of more than 25 percent. These figures are an increase from 2014’s survey, when 37 percent of respondents expected an increase of 10 percent or more and 9 percent expected an increase of 25 percent or more.

“I suspect that part of these budgets are being redirected to invest in new, emerging technologies,” said Hida. “Along with technologies like RPA, an emerging trend is for institutions to leverage technologies like cognitive and advanced analytics techniques to identify behavior patterns and predictive analytics to identify emerging risks.”

Additionally, given the pace of regulatory change, 52 percent of respondents were extremely or very concerned about the ability for risk technology to adapt to changing regulatory requirements.

Among other survey findings:

One Area of Particular Concern in Geopolitical Risk: Risk managers were asked about how proposals in some countries to renegotiate trade agreements (which can be an influencer to that country’s economic prospects) were likely to impact the risks facing their institutions. Respondents were divided, with 48 percent expecting that the risks facing their institution would increase, while 49 percent thought these proposals would have no impact. Executives in Europe were most likely to expect increased risk: 68 percent expected that risks would increase, including 16 percent who thought they would increase significantly.

The Two Biggest Issues in Stress Tests: A number of qualitative issues in capital stress testing were rated as being extremely or very challenging, including capital stress-testing IT platforms (66 percent) and data quality and management for capital stress-testing calculations (52 percent).

The Battle for Risk Management Talent: 70 percent of respondents said attracting and retaining risk management professionals with required skills would be an extremely or very high priority for their institution over the next two years, while 54 percent said the same about attracting and retaining business unit professionals with required risk management skills. Since cybersecurity is a growing concern across all industries, the competition is especially intense for professionals with expertise in this area.

Time for IT Systems Modernization?: Roughly half of respondents were either extremely or very concerned about several issues related to IT systems including legacy systems and antiquated architecture or end-of-life systems (51 percent), inability to respond to time sensitive and ad-hoc requests (49 percent), lack of flexibility to extend the current systems (48 percent), and lack of integration among systems (44 percent).

Culture Challenges Remain: While regulators around the world have recently placed greater focus on the important role that culture plays in effective risk management, work remains to be done on this front. According to those surveyed, board oversight activities at many financial institutions did not include helping establish and embed the risk culture of the enterprise (67 percent) or review incentive compensation plans to consider alignment of risks with rewards (55 percent).

Credit Risk Gets Harder to Gauge: With relatively weak economic conditions in many markets around the world, managing credit risk is a significant challenge for financial institutions. When asked how challenging it would be to manage credit risk over the next two years, the areas most often considered to be extremely or very challenging were collateral valuation (38 percent), commercial real estate (33 percent), unsecured credit (33 percent), and mortgages/home equity lines of credit (30 percent).

Yet, even if the recent breakneck pace of new regulatory requirements does not continue, financial institutions will be well advised to not scale back their risk management programs.

“Many institutions have also found that the new regulatory requirements have created a new normal and a new set of industry expectations. Many will not want to change from this norm,” said Contri. “The higher capital requirements that have been put in place, for example, have had important implications for the lines of business that institutions choose to enter or exit in an effort to minimize their required capital.”

About the Survey

Deloitte Global’s biennial survey assesses the risk management programs, planned improvements, and continuing challenges among global financial institutions. The tenth edition surveyed chief risk officers—or their equivalent—at 77 financial institutions, and represents a range of financial services sectors, including banks, insurers and investment managers, with aggregate assets of US$13.6 trillion. The survey was conducted in the second half of 2016—after the Brexit vote in the United Kingdom but before the US presidential election.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about to learn more about our global network of member firms.

Deloitte provides audit, consulting, financial advisory, risk advisory, tax and related services to public and private clients spanning multiple industries. Deloitte serves four out of five Fortune Global 500® companies through a globally connected network of member firms in more than 150 countries bringing world-class capabilities, insights, and high-quality service to address clients’ most complex business challenges. To learn more about how Deloitte’s approximately 245,000 professionals make an impact that matters, please connect with us on Facebook, LinkedIn, or Twitter.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see About Deloitte for a detailed description of DTTL and its member firms.